selinux eradicator?

Jim Cornette fc-cornette at insight.rr.com
Fri Jun 29 02:27:06 UTC 2007


Mike McCarty wrote:
> Partially, my point is that any time one modifies any package, no
> matter for what reason, there is the opportunity to introduce
> defects. Therefore, all applications which are affected by SELinux,
> potentially all of them, now have an opportunity for defects to be
> introduced; a circumstance which would not occur if not for SELinux.

An earlier problem with at-spi took down a large range of programs 
because of a chain of programs linked to it. This has little to do with 
SELinux except to say that vulnerabilities which could have a domino 
effect could be halted from action if policy prevented abnormal 
operation from vulnerable programs.

> 
> Also, SELinux is itself a large chunk of code, with its own defects.

No doubt that it can become better as problems are spotted and addressed.

> 
> My bottom line: There is not overwhelming evidence that SELinux
> provides a net worthwhile increase in security of non secure systems.
> As long as this situation continues, then there is room for people
> like Karl not to want it on his machine.
> 
> I'm not lobbying for anyone to remove it. I'm not trying to convince
> anyone that it's a bad thing. I'm lobbying for people to have a CHOICE
> whether to install it, without also having to exercise the choice to
> use a different distro. I think that's only reasonable.

Why anyone would switch distros because of SELinux integration compared 
to the multimedia digital rights issues preventing out of the box 
multimedia support.

If they want it completely off of their systems maybe a new distro fork 
can be born from their desire to eradicate SELinux completely from their 
systems.

Jim

> 
> Mike



